OWASP ZAP by OWASP

OWASP ZAP software reviews, alternatives, pricing, and features 2026

Static Application Security Testing (SAST)

OWASP ZAP reviews and summary

OWASP ZAP (Zed Attack Proxy) is a free, open-source, and highly popular web application security scanner. It acts as a "man-in-the-middle" proxy between a tester's browser and the web application, allowing for real-time interception and inspection of traffic. ZAP is packed with features including automated scanners for common vulnerabilities, intelligent passive scanning, a full suite of manual penetration testing tools, and a powerful API for automation. It is designed to help developers and security professionals find security vulnerabilities in web applications during both development and testing phases. OWASP ZAP is for a wide audience including penetration testers, security consultants, developers, and DevOps engineers who are responsible for th...

Best for

OWASP ZAP is for a wide audience including penetration testers, security consultants, developers, and DevOps engineers who are responsible for the security of web applications. Its open-source nature and comprehensive feature set make it accessible to everyone from students learning about security to professionals in large enterprises.

Starting price Pricing not listed
Category Static Application Security Testing (SAST)
Vendor OWASP
Key takeaways

Our verdict

Our verdict is that OWASP ZAP is an exceptional tool that delivers enterprise-grade web application security testing for free. Its combination of automation and powerful manual tools, supported by a strong community, makes it an invaluable asset for any individual or organization serious about improving their web application security posture.

Quick facts

OWASP ZAP at a glance

Starting price Pricing not listed
Vendor OWASP
Location Japan
Category Static Application Security Testing (SAST)
Ratings

OWASP ZAP ratings

There is not enough rating data for this software yet. Rating details will appear when reviews or reliable aggregate rating data are available.


Decision notes

OWASP ZAP pros and cons

Potential strengths

  • Clear buyer-fit positioning is available in the profile data.

Points to verify

  • Confirm current pricing, contract terms, and included plan details with the vendor.
  • Confirm product-specific availability for category-level features before buying.
  • There are no written reviews for this software yet.
  • Published pricing is not available in this profile data.
Pricing

OWASP ZAP pricing

Pricing is not published in the available profile data. Visit the vendor website for current pricing.

Compare

OWASP ZAP alternatives

Compare OWASP ZAP with other Static Application Security Testing (SAST) tools that buyers often evaluate.

Google Docs by Google

4.7 (25.8K)

Google Docs is a browser-based document tool for creating, editing, and sharing written work with collaborators. It suits teams and individuals comparing lightweight document manag...

Google Drive by Google

4.8 (24.1K)

Google Drive is a cloud workspace for storing and sharing files, photos, and documents with your team in one place. It is most useful when you want synced updates, easy collaborati...

PayPal by PayPal

4.7 (21.5K)

PayPal is a practical choice when your team needs taking and managing online payments and less workflow switching. It tends to work best when ownership, review rhythm, and sharing...

Slack by Slack

4.7 (21.2K)

Slack is a practical choice when your team needs day-to-day team communication and less workflow switching. It tends to work best when ownership, review rhythm, and sharing rules a...

Trello by Atlassian

4.5 (20.5K)

Trello is a practical choice when your team needs simple, visual project planning and less workflow switching. It tends to work best when ownership, review rhythm, and sharing rule...

Microsoft PowerPoint by Microsoft

4.7 (19.0K)

Microsoft PowerPoint is a practical choice when your team needs creating clear visual presentations and less workflow switching. It tends to work best when ownership, review rhythm...

Dropbox Business by Dropbox

4.5 (18.6K)

Dropbox Business is a practical choice when your team needs shared file storage and team access and less workflow switching. It tends to work best when ownership, review rhythm, an...

Software reviews

OWASP ZAP software reviews

No software reviews yet

No software reviews have been submitted for OWASP ZAP yet.

FAQ

OWASP ZAP FAQs

OWASP ZAP is listed in Static Application Security Testing (SAST).

OWASP ZAP is listed with OWASP as the vendor.

Buyers often compare OWASP ZAP with other Static Application Security Testing (SAST) tools such as Google Docs, Google Drive, PayPal, Slack. Review ratings, pricing, and fit before choosing.

Trust and data

How we build software profiles

Catalog data

Software profiles can include software facts and public catalog information.

User reviews

Software reviews are submitted by users and moderated before publication.

Vendor updates

Claimed vendors can update profile details and respond to reviews.

This profile can include catalog facts, aggregate ratings, submitted software reviews, and vendor profile updates when available.
